Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone (techcrunch.com) 145
An anonymous reader quotes a report from TechCrunch: Buried in Apple's latest range of MacBooks -- including the MacBook Pro out earlier this year and the just-announced MacBook Air -- is the new T2 security chip, which helps protect the device's encryption keys, storage, fingerprint data and secure boot features. Little was known about the chip until today. According to its newest published security guide, the chip comes with a hardware microphone disconnect feature that physically cuts the device's microphone from the rest of the hardware whenever the lid is closed. "This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed," said the support guide. The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed." Apple said the new feature adds a "never before seen" level of security for its Macs, without being quite so blunt as to say: Macs get malware too.
T2 chip? (Score:3)
Re: (Score:2)
Next week, we'll hear of some security flaw which allows evildoers to listen in based on fluctuations in SSD access times, or some such.
Re: T2 chip? (Score:2)
The wheel is pretty easy to implement too.
Re: (Score:2)
Re: (Score:2)
Unfortunately, we are not talking about or thunderbolt or lightning ports. The cameras on all modern Macs are USB devices.
Re: (Score:2)
Please state your confusion in the form of a coherent question.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Don't worry, they're iterating as fast as they can.
Re: T2 chip? (Score:1)
for a minute there i thought they were going to stop the baseband processor being used to remotely listen on iphones. silly me.
Re:T2 chip? (Score:4, Insightful)
Is the T2 chip really needed to implement a simple hardware disconnect?
No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.
Re: (Score:2)
Re: (Score:2)
Given the additional functionality this thing provides (as you said, the mic disable thing is pretty easy), I would be surprised if it's pure ASIC, though some of the ASICs available now are pretty complex. I was thinking it was some kind of minimalist CPU with embedded RAM, etc. It would be interesting to know the provider...
That's easy: Apple.
They have been designing custom silicon since the Apple ][ days. Seriously.
Re: (Score:1)
How much do you want to bet it will also be used as a Hackintosh Defeat Device?
Re: (Score:2, Interesting)
It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.
Re: (Score:3)
This may well be the intention. The day of the hackintosh seems almost over anyway. There is sufficient bloat in macOS that it rivals Windows 10, although without so many phone-homes and in-your-face ads.
The Mac is only barely more immune from hacking and malware than Windoze. Even Linux and ?BSDs are having their own problems. I'm not sure the hacks needed to do a Mac clone are worth the trouble. There are a few features that I personally like in High Sierra+, but it's not worth the trouble. My need for en
Re: (Score:3)
The Mac is only barely more immune from hacking and malware than Windoze.
That is demonstrably untrue.
Re: (Score:2)
Re: (Score:1)
The Mac is only barely more immune from hacking and malware than Windoze.
That is demonstrably untrue.
But in which direction? Are you asserting that the Mac* is no more immune to hackers and malware than a M$ Windows computer, or that it is FAR more? Can you substantiate your claim?
* By "Mac," I think we must agree because of the role the user plays as a sysadmin, that it's pointless because without qualification the word is functionally meaningless, to talk about a Mac generically. For the purposes of this discussion, I think we should limit the meaning of the word "Mac" to mean an Apple, Inc., built, offered for retail sale computer as part of the Mac line, (i.e., iMacs, Trash-Can Mac Pros, Mac Minis, and all variants of MacBook,) running a cleanly (or factory) installed copy of the latest version of macOS, which at any given time is the current version, that the "rootless" feature, or System Integrity Protection is and has always been enabled, that the "Allow apps downloaded from:" security settings has never been set to anything but "App Store" only, that firewall is enabled, that automatic updates is selected, and that all this was so BEFORE it was ever connected to the internet, and has remained so ever since. Therefore, excluded would be any Mac running any previous version of OS X or macOS, any Mac which has any updates that have ever not been immediately applied, any Mac on which any software NOT from Apple has ever been run, any "vintage" Mac that cannot run (or is not running) the latest stable/production release of the OS, and obviously any "Hackintosh" computers. Any Mac connected to the internet BEFORE all the security settings were selected must be excluded, which kind of means that MOST Macs would be excluded, since you'd have to connect yours TO the internet TO download security updates, meaning if you DID need an update right after you bought it... you'd have HAD to connect it to the internet BEFORE it was fully patched and up-to-date... (oops! that can't be counted,) and also any Mac for which you are not the first owner, as you can't prove what happened to it BEFORE you got it, and also any Mac which you've let any other people use under your login, or whom you have provided with their own login account on your machine, who was then allowed to use it (not completely supervised and observed,) by you. So honestly, there really aren't NEARLY as many Mac computers out there to make this comparison with as you might think or expect.
Obviously, any Mac running Bootcamp must also be excluded, at least when NOT booted into macOS.
What if instead of malware, we had MalWear? MalWear is something you can buy at a store (also called MalWear, or something similar,) which stocks war-surplus Independent Browncoats, guns that look like they should go "bang-bang" but instead go "pew-pew" or "zzaouuuu," and of course vaguely futuristic-looking yet simultaneously old-timey western-wear like what Captain Malcolm "Mal" Reynolds wears in the sci-fi/old-west series, "Firefly" (and of course, the film "Serenity"). I wouldn't mind having some of THAT kind of MalWear. I actually toyed with the idea of buying one of the jackets, but... guess I'm not enough of a Browncoat myself, after all. (I was raised on an Alliance world, (Earth that Was,) after all. It kind of spoils you.)
Actually, I'd be willing to stipulate that Macs are far more impervious to malware than a Windows box, REGARDLESS of the above stipulations (all that would make it too easy, right?), with the notable exception that the User cannot have been tricked by Social Engineering into ignoring all warnings and instead, installed a Trojan.
I think we can all agree that NO reasonable OS can guard against a User with sufficient permissions and insufficient smarts. And I will stipulate that macOS is, of course, no except
Re: (Score:2)
Re: (Score:1)
The Mac is only barely more immune from hacking and malware than Windoze.
That is demonstrably untrue.
But in which direction? [...]
Actually, I'd be willing to stipulate that Macs are far more impervious to malware than a Windows box, REGARDLESS of the above stipulations (all that would make it too easy, right?), with the notable exception that the User cannot have been tricked by Social Engineering into ignoring all warnings and instead, installed a Trojan.
I think we can all agree that NO reasonable OS can guard against a User with sufficient permissions and insufficient smarts. And I will stipulate that macOS is, of course, no exception.
I was talking about the rando "Open this email, get pwned" type of stuff. That STILL happens all too often in the Windows world. I work in that environment every day, and can also read.
Not to be argumentative, and I almost hate to ask it, but do you remember when Apple shipped a production version of macOS where you could gain root by trying to login as root and just provided no password?
I think the argument could be made that macOS is USUALLY more secure, when someone at Apple has not royally cocked up (as they occasionally do,) and left the keys metaphorically hanging from the lock in the highly secure door.
Did anyone hear if Apple fired anyone over that debacle? Im curious.
According to the Google Machine, it was about a year ago, on macOS High Sierra. The bug existed for all of about 24 hours after it was uncovered before being Patched. Obviously, an error in QA; but no sign that it was ever exploited (Thank $Deity)...
https://arstechnica.com/inform... [arstechnica.com]
And as the article pointed out, it wasn't just that you could login with any random username and just skip the password, there was a particular "procedure" (that, BTW, didn't ALWAYS work!), to trigger the bug. That is also a good
Re: (Score:2)
Not really, these days most of the attacks are on web browsers and the the same ones run on MacOS as on every other system. The only real differences are the level of protection that the OS provides (e.g. sandboxing) and how easy it is to manipulate the UI to confuse the user.
MacOS doesn't seem to be significantly better in these regards. It's had it's fair share of gaffes too, such as allowing Unicode bidirectional markers in file names.
Re: (Score:1)
Not really, these days most of the attacks are on web browsers and the the same ones run on MacOS as on every other system. The only real differences are the level of protection that the OS provides (e.g. sandboxing) and how easy it is to manipulate the UI to confuse the user.
MacOS doesn't seem to be significantly better in these regards. It's had it's fair share of gaffes too, such as allowing Unicode bidirectional markers in file names.
...and yet?
Re: (Score:3)
It 100% is that. Some future version of macOS will drop support for all Macs without these chips. Why else put one in the Mac mini? What purpose does that serve? Once they do that: no more Hackintoshes as you can guarantee that the kernel will be encrypted using a key that only these "security" chips can decrypt, and the decrypted kernel image will be locked away from all user code.
It does audio processing, transparent SSD encryption, and bunch of other system stuff that applies to both desktop and mobile Macs. In fact, the first Mac with a T2 chip was the 2017 iMac Pro.
And if you knew any history, you'd know that Apple had the PERFECT opportunity to put a Hardware Lock on OS X/macOS. The first Intel Macs, which were LOANED to Developers for about a year, while Apple cranked out the first Production Macs, were nothing more than a modified G5 Tower case with an Intel Motherboard inside
Re: T2 chip? (Score:2)
Re: (Score:1)
Actually, there is a chip in every Mac containing a 64 bit code that is needed during the boot process. Easy to get around. Just enough to invoke the DMCA against any Hackintosh user - if Apple wanted to.
And considering that they haven't exercised anything like that for the ENTIRETY of the 15 years of Intel Macs, anyone so "charged" at this point would have a pretty good legal argument against prosecution.
It's like if I pay my rent 10 days late every month for 5 years, and my landlord suddenly decides to evict me for paying late, I would have a valid legal argument that they "let it happen". I can't remember the legal term off-hand; but it is a real thing.
Re: (Score:2)
It is a real thing in general contract law, but that isn't going to touch something with specific legislation like DMCA.
More likely, the argument is simply wrong on its claims due to being overly-broad when the statute is actually much narrower. Just because a code is needed doesn't actually make it an access control; many of the ICs in a circuit have to be sent a code during startup, so that the chip can make sure you were trying to start it up before it starts up. And to give you time to get everything re
Re: (Score:1)
It is a real thing in general contract law, but that isn't going to touch something with specific legislation like DMCA.
More likely, the argument is simply wrong on its claims due to being overly-broad when the statute is actually much narrower. Just because a code is needed doesn't actually make it an access control; many of the ICs in a circuit have to be sent a code during startup, so that the chip can make sure you were trying to start it up before it starts up. And to give you time to get everything ready before telling it to start. Being required at boot doesn't automatically make those things into access controls.
All VERY good points! Thanks for the info!!!
The sad thing is, something like the T2 chip, to ensure a "clean boot", is something that can be used for good, or evil. The "good" uses are the VERY nice thing that RootKits are effectively neutered; since a machine so-compromised will likely not pass the Boot Test. Same thing with many classes of viruses, I think.
But of course, that same capability can be used to effectively lock software to hardware, or to prevent the installation and dual-booting from alternat
Re: (Score:2)
It's also in charge of making sure that if you ever attempt to repair it, it won't boot until you pay Apple for the privilege.
Prove it.
Re: (Score:2)
Is the T2 chip really needed to implement a simple hardware disconnect?
No, but since it must be a totally proprietary ASIC, they threw in an analog switch, tied it's enable line to the state of the lid switch, and routed the microphone signal through the analog switch, then provide a 'MIC_OUT' pin to go to whatever handles audio.
Exactly. Took 5 minutes of engineering time, max.
Re: (Score:2)
They should have dedicated an entire separate computer to the task of switching off audio. Clearly they still haven't made it complicated enough yet.
Re: (Score:2)
Once you figure out what "entire computer" means, you'll realize that you're not being sarcastic or insightful, and that it is most certainly "an entire separate computer" but also there are already probably 50 "entire separate computers" on their motherboard.
Even what appears to be an analog op-amp is actually an "entire (digital) computer."
Re: (Score:1)
Re: (Score:1)
Yes I agree this is its actual purpose is to keep you from soldering your own chips on your motherboard or changing components out you don't like or tinkering. They are trying to change the paradigm of you don't own your own hardware you bought yourself. Just like John Deere and the Auto companies are keeping you from modding your vehicles or repairing our own tractor. Apple is ushering in a new era of we own your hardware. They will go after people now if you circumvent this device.
Re: (Score:2)
You are the one claiming Apple locked up people buying refurbished batteries and he's the crazy one?
Also, only the home button, if you replace it, it will turn into a home button without fingerprint read ability. Apparently you don't live in this reality?
Comment removed (Score:4, Informative)
Re: (Score:2)
No, its primary purpose is to store your fingerprint and encryption key data securely. Google "Apple Secure Enclave" and read all about it.
-jcr
Exactly.
Re: (Score:2)
Re: T2 chip? (Score:1)
Re: (Score:1)
Besides, that's not the real purpose of the T2 chip. Apple is struggling to come up with reasons why anyone would want it, but its real purpose is quite simple: to prevent the machine from booting if you repair it at a non-Apple repair shop.
That's the only thing the T2 actually does: verify that all the hardware is the same as it was when the machine last booted, and only allow hardware to change if given a special encrypted message from Apple. It's designed to prevent third-party repair shops. That's its primary purpose.
This "microphone switch" thing is just a bogus excuse to try and market a user-hostile feature as a positive.
So, how does that paranoid delusion line-up with the fact that the Mac mini, with its T2 chip, has User-Upgradeable RAM, and possibly Upgradeable SSD, too?
Answer: It doesn't.
And BTW, anything other than the CPU that isn't a very simple component (and thus beneath the purview of any "hardware tamper checking"), is likely to be a custom component, especially since the mini is, well, pretty "mini", as far as its overall size...
Re: (Score:2)
Why do you hate Apple and Macs so much? Did someone used a Mac to touch you inappropriately when you were young?
Go on. Show us on a stick figure where the bad touch happened.
Re: (Score:2)
I don't know about the coward, but I know when I tried to touch an Apple ][e in an inappropriate way it hurt for a whole week.
Right there, on the doll. That's where it hurt.
Re: (Score:1)
Re: (Score:3)
Is the T2 chip really needed to implement a simple hardware disconnect? Also, is this terribly useful anyway, because hackers can still eavesdrop with the lid open? (99% of the time, the computer will be asleep or off with the lid closed anyway.)
No.
The T2 chip does a BUNCH of stuff. This was something that took two dedicated pins/pads and a single transistor in the chip.
Why not?
Re: T2 chip? (Score:2)
Any system with remote management features made in the last decade have ways of being woken up remotely. Wake-on-LAN, vPro / AMT, etc
Re: (Score:2)
Is the T2 chip really needed to implement a simple hardware disconnect?
You can't just disconnect the wire, you have to gently reduce the signal or you'll generate a bunch of crackle and pop.
Plus, you'd at least need a transistor. So, an IC. But with just that, you'd also need a capacitor and resistor to prevent the crackle/pop.
They can make their own IC for about the same price that they'd pay for a discrete transistor, and they'd both be the same tiny package. But their own IC would have its own capacitors and resistors built in; it would cost less and use less space!
If it wa
Re: (Score:3)
Re: (Score:2)
No. We don't need a lockdown chip aka modern version of the Clipper Chip polluting our hardware.
This is NOTHING like the Clipper Chip.
Errr Title? (Score:4, Insightful)
Title: Apple's New T2 Security Chip Will Prevent Hackers From Eavesdropping On Your Microphone
Summary: "This disconnect is implemented in hardware alone, and therefore prevents [snip] even the software on the T2 chip, from engaging the microphone when the lid is closed,"
So...
Re: Errr Title? (Score:2)
So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.
Re: (Score:2)
So what? Itâ(TM)s implemented in the chip but not software controllable. Seems pretty straightforward.
Exactly.
And since laptops like the new MacBook Air have MULTIPLE microphones for better phone-call and "Hey, Siri" operation, it is easier to implement a hardware-switch electronically than mechanically. And since Apple was building this chip anyway, why not stick a 3 channel Analog Switch with a single Enable line in the same chip?
Re: (Score:2)
Well I guess in this brave new world we need to throw silicon at things that could be easily achieved via a dumb switch.
Re: (Score:2)
It isn't as easy as you think; unplug a microphone without turning the gain down. Hear anything?! If you didn't hear a bunch of noise, it means whatever you were unplugging it from didn't use a dumb switch, it either used some silicon or some external passive components to prevent the pop. Anything like a laptop where space is at a premium and it is being manufactured in large quantities, then throwing silicon at the problem is cheaper than the passives. Better results, too.
Re: (Score:2)
It isn't as easy as you think; unplug a microphone without turning the gain down.
So ... use a switch with two contacts, one to alert the audio chip that the mic is unplugged.
Yes actually it is precisely as easy as I think. I design exactly these kinds of audio circuits, in the past for a living, now for a hobby.
then throwing silicon at the problem is cheaper than the passives
The thing with passives is you already have them, unless you're not using "hardware" to detect conditions as the summary would imply.
Re: (Score:2)
It's not even new, this kind of thing has been on laptops for decades. I remember similar stuff back in the 90s, where a physical switch would be actuated by closing the lid and disable stuff like the screen backlight and the microphone. Back then Windows' power management was a joke so manufacturers used hardware switches.
Re: (Score:2)
Re: (Score:2)
T2 (Score:1)
Judgement Day
It's a more advanced version of the T1, sent back from the future to kill the leader of the resistance.
Hello we invented a $500 lid switch! BUY BUY BUY! (Score:2)
No, it doesn't work on the camera.
Re: (Score:2)
To be fair, they said it doesn't work on the camera because the camera's view isn't exactly problematic when the lid is closed. ;)
A switch? (Score:3)
Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
Re: A switch? (Score:2)
So which laptop that you designed has this simple feature?
Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.
Re: (Score:2)
So which laptop that you designed has this simple feature?
Oh thatâ(TM)s right, you didnâ(TM)t think of it. Just like everyone else.
I know you assume that since I'm posting on Slashdot that I'm an expert in the field, but I not actually a laptop design engineer.
I tried to find the forum post where I suggested exactly this feature a couple years ago, but I don't remember where it was. A hardware switch to physically disable the camera and microphone sounds like such a no-brainer than I didn't think anyone would think it was innovative or hard to imagine.
Re: A switch? (Score:2)
It isnâ(TM)t, and yet no laptops have it. The story here isnâ(TM)t that lid switches are innovative, itâ(TM)s that finally a company understands that privacy is a feature.
Re: (Score:1)
No, the story here is that a company has created special hardware to behave like a switch. Special hardware which is so ridiculously complex for the job at hand, that it's almost guaranteed to be exploitable.
Re: (Score:2)
Oh thatâ(TM)s right, you didnâ(TM)t think of it.
Thanks Jar-Jar. What do they call switches on your planet?
Or so you think (Score:2)
I have a better idea. My laptop doesn't have a microphone.
Does it have speakers?
Then it has a microphone.
Re: (Score:1)
Not without an amplifying element to pick up the signal the speaker's voice coil generates.
Re: (Score:2)
Not without an amplifying element to pick up the signal the speaker's voice coil generates.
So you have personally inspected the electronics around your speakers and are sure no such amplification exists?
Seems like a laptop that explicitly left off microphones is exactly the kind of device you would hide speaker amplification in.
Re: Or so you think (Score:2)
Bets are all off, then. There have gotta be six extra mics buried in there. In fact, this mystery laptop you describe probably has a robotic arm hidden in it to implant the anal probe after you fall asleep.
Re: (Score:1)
What is this 'jack' thing you refer to? Is it something Apple hasn't invented yet?
Re: (Score:3)
Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't in
Re: (Score:2)
Right. Just like it wasn't innovative to have a power cord that attaches magnetically, and easily separates from the laptop when your pet/child/own clumsy ass trips over the cord without sending the computer to the floor, because rice cookers had them over a decade ago. So very obvious that it wasn't innovative - yet only one company thought to try it.
If that's such a great laptop innovation, then why isn't Apple using them anymore?
Re: (Score:2)
That Apple has developed an unhealthy Air fetish (minimizing laptop dimensions to the detriment of usability) in no way diminishes the advantages of a magnetically-attaching power cord. The company has more money than God, there's no reason why they can't have a minimalist Air line and a proper Pro line at the same time.
Re: (Score:2)
So very obvious that it wasn't innovative - yet only one company thought to try it.
It's not that it was a great innovation, it's that only Apple thought people would pay for it. The magsafe connector was expensive, made of 14 separate parts and that's just the charger side. It also required the computer and charger to carefully manage the power delivery to avoid shorts, further adding to cost.
Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.
You will note that the magsafe connectors on cooking equipment were almost e
Re: (Score:2)
Apple laptops are expensive devices with high profit margins, so Apple could afford to spend the money on such a connector.
You don't seem to have really internalized what having a high profit margin means.
You're saying, "Gosh, they could just have a low profit margin on their device instead." While true, it isn't a useful point.
As a consumer I certainly don't want to buy a device with a high profit margin! I certainly wouldn't go around expecting such devices to have quality parts. That would be insane.
Re: (Score:2)
Another name for a hardware device that cuts off a device when the lid is closed is a "switch", and it's hardly innovative, even my 30 year old home furnace has a cutoff switch for when the cover is opened.
This switch implementation by Apple is innovative because it may be secretly bypassed in software for lawful surveillance purposes.
Re: (Score:1)
You better encrypt that shit first or you're likely to get a virus.
You have to learn something from OS/2.... (Score:2)
so in the new mac pro storage capped at pci-e x4 (Score:2)
so in the new mac pro storage capped at pci-e x4 stacked off of the t2 chip??
so even if it has 4 pci-e disk at X4 each they will all be locked to the T2 at pci-e X4?
My old iSight had a "hardware disconnect" (Score:2)
When you rotated the barrel of the camera, physical blades would block the lens completely.
Nowadays you have to use a piece of tape to accomplish that simple task. Why not just have a little physical slider, built into the laptop, which would obscure the lens?
Camera not disconnected, but ... (Score:1)
"[...] The camera isn't disconnected, however, because its "field of view is completely obstructed with the lid closed."
That's a perfect idea ... until someone comes up with a way to record audio through fluctuations in the camera's output due to the shifting patterns of air pressure.
Will it thought (Score:2)
Apple New Update (Score:1)
anti self repair (Score:2)
remember, the T2 chip is also used to disable the computer when it detects non-apple replacement parts.
this is just a stupid story to take your attention away from that fact and have you think that having the T2 chip in your computer is a good thing.